<?php
session_start();
require_once('dbtools.php');

function session_protect(){
	if ( (!isset($_SESSION["auth"])) || ($_SESSION["auth"]!="ok")) {
		die("NO SESSION");
	}
}


function challenge($login,$pass){

	// on se connecte à MySQL
	$cnx=dbconn();
	$sql = 'SELECT loginUser,pwdUser FROM User where loginUser=? AND pwdUser=?';
	$pq=$cnx->prepare($sql);
	$pq->bindParam(1, $login);
	$pq->bindParam(2, $pass);

	$result=$pq->execute();
	// on envoie la requête
	$pq->fetch(PDO::FETCH_OBJ);
	
	if ($pq->rowCount()!=1){
		return false;	
	}else{
		return true;	
	}
}



function session_login($login,$pass){
		if (challenge($login,$pass)){
			$_SESSION["user"]=$login;
			$_SESSION["auth"]="ok";
			return true;
		}else{
			$_SESSION["user"]="none";
			$_SESSION["auth"]="none";
			return false;
		}
}


function session_logout(){
		$_SESSION["user"]="none";
		$_SESSION["auth"]="none";
}


 

?>
